#!/bin/bash

# We have to copy the certificates because we cannot change permissions on them as mounted secrets and voms-proxy is particular about permissions
cp /opt/rucio/certs/{{ RUCIO_LONG_PROXY }} /tmp/long.proxy
chmod 600 /tmp/long.proxy

# Generate a proxy with the voms extension if requested
voms-proxy-init --debug -valid 96:00 -cert /tmp/long.proxy -out /tmp/x509up {% if RUCIO_FTS_VOMS is defined -%}-voms {{ RUCIO_FTS_VOMS }}{%- endif %} -rfc -n

# Create the corresponding kubernetes secrets if asked
{% if RUCIO_FTS_SECRETS is defined %}
{% set secrets = RUCIO_FTS_SECRETS.split(',') %}
{% for secret in secrets %}
kubectl create secret generic  {{ secret }} --from-file=/tmp/x509up --dry-run=client -o yaml | kubectl apply --validate=false  -f  -
{% endfor %}
{% endif %}

